Week in review: IoT, Windows code injection, new user privacy rules for ISPs

Here’s an overview of some of last week’s most interesting news, reviews and articles:

New code injection attack works on all Windows versions
Researchers from security outfit enSilo have uncovered a new code injection technique that can be leveraged against all Windows versions without triggering current security solutions.

New FCC privacy rules protect broadband users
The rules separate the use and sharing of information into three categories and include clear guidance for both ISPs and customers about the transparency, choice and security requirements for customers’ personal information.

Review: IS Decisions UserLock
According to a Rapid7 survey, 90% of organizations are worried about compromised credentials and around 60% say they cannot catch these types of attacks. French IT security company IS Decisions tries to tackle this major problem with UserLock, a solution that provides access security and concurrent login control for corporate networks.

Dyn DDoS attack post-mortem: Users inadvertently helped
As StarHub, one of the three major telcos in Singapore, confirmed that they were the latest victim of “intentional and likely malicious distributed denial-of-service attacks” on their DNS system, Dyn has published a short post-mortem of the unprecedented DDoS attacks it suffered on Friday (October 21, 2016).

Top 10 strategic predictions for IT organizations and users
Gartner revealed its top predictions for 2017 and beyond, which examine three fundamental effects of continued digital innovation: experience and engagement, business innovation, and the secondary effects that result from increased digital capabilities.

Understanding IoT botnets
Attackers will likely invest more resources into taking over the hordes of IoT devices added to the Internet every day.

Federal regulators: Increasing cybersecurity stance on financial institutions
The three main prudential regulators for financial institutions—Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC)—released new proposed cybersecurity risk mitigation standards called Enhanced Cyber Risk Management Standards.

Malicious JPEGs can compromise your iPhone
A vulnerability in the iOS CoreGraphics component allows attackers to compromise iDevices by tricking victims into viewing a maliciously crafted JPEG file.

Terabit-scale DDoS events are on the horizon
Corero Network Security has disclosed a new DDoS attack vector observed for the first time against its customers last week. The technique is an amplification attack, which utilizes the Lightweight Directory Access Protocol (LDAP): one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in most online servers.

Australian blood donors’ info found leaking from insecure server
Personal information of some 550,000 Australian blood donors has been sitting exposed on a web developer’s server and has been downloaded by a person who effectively stumbled on it.

Icarus takes control of drones by impersonating their operators
Researcher Jonathan Andersson, a member of Trend Micro’s TippingPoint DVLabs, has demonstrated how a specialized hardware module dubbed Icarus can be used to hijack a variety of widely-used hobbyist drones and make them do your bidding.

Photos: IoT Solutions World Congress Barcelona 2016
The world’s leading industrial Internet companies and experts gathered at the Fira de Barcelona for the IoT Solutions World Congress (IoTSWC) in order to showcase solutions for industries across different sectors.

Smart city initiatives: Highly integrated and complex problems to solve
Every day, leaders of large cities grapple with knotty, complex problems like decaying public transportation infrastructures, aging utility lines, urban blight, neighborhoods that are vulnerable to the effects of climate change, and other multi-faceted socio-economic challenges. Increasingly, municipal leaders are turning to urban analytics, data collection, and advances in sensor technology to help solve the problems of modern cities in bold, transformative ways.

Common enterprise IoT devices are hackable in minutes
ForeScout Technologies’ research focused on seven common enterprise IoT devices, including IP-connected security systems, smart HVACs and energy meters, video conferencing systems and connected printers, among others.

Why don’t all businesses have a good continuity strategy?
It has been said that an ounce of prevention is worth a pound of cure. In the case of disaster recovery, however, businesses tend focus on prevention without anticipating the need for a cure.

88% of employees lack awareness to stop privacy or security incidents
MediaPro surveyed 1,000 employees across the U.S. to quantify the current state of privacy and security awareness, and revealed employee knowledge trends across eight risk domains, ranging from working remotely to identifying phishing attempts, and assigned three risk profiles indicating employees’ privacy and security awareness IQ.

Enabling the Industrial Internet of Things with Unidirectional CloudConnect
Waterfall Security Solutions launched Unidirectional CloudConnect, a solution based on its patented Unidirectional Gateway technology, designed to meet the challenges of both cybersecurity and interoperability.

Over one-third of Americans have been hacked
Two-thirds of Americans believe themselves to be tech savvy, although their actions with regard to online security indicate otherwise – with millennials being the worst offenders, according to Arbor Networks.

Free tool for Active Directory changes monitoring
Netwrix Change Notifier for Active Directory tracks changes to Active Directory (AD) users, group memberships, OUs, permissions, and provides visibility into what’s happening inside your AD.

Hackers changing tactics, techniques and procedures
Organizations need to conduct better penetration testing to combat continual changes in hackers’ tactics, techniques and procedures (TTPs), according to NTT Security.

Best practices for securing your data in-motion
Data in-motion has to contend with human error, network failures, insecure file sharing, malicious actions and more.

More about

Don't miss